Open jimleroyer opened 11 months ago
PR for the new script in the attic: https://github.com/cds-snc/notification-attic/pull/40
Merged into the attic main branch. Will wait a bit before moving to Done to give Steve a chance to look at it.
Tested locally, LGTM - the only thing I needed to do differently was add the database name to the loading commands, i.e.
psql -h db -p 5432 -U postgres -f schema.sql notification_api
psql -h db -p 5432 -U postgres -f data.sql notification_api
Description
As an ops lead, I want to scan content of notifications (templates, templates history and personalized vars) for sensitive strings that might cause a security risk, so that I can properly report back to security folks.
WHY are we building?
To be able to search our overall notifications content in a quasi-automated way.
WHAT are we building?
A script that will analyze a local database with the sensitive content.
VALUE created by our solution
Quick response time on incidents that involve notifications sending risky content.
Acceptance Criteria
QA Steps